AI Governance, Practitioner Led

AI moves fast.
Build it safe.

Practitioner-led AI governance and implementation.

A practitioner-led governance and implementation practice for boards, regulators, and product leaders adopting AI. We design the controls, then help your teams run them in production, so the posture holds up under audit, procurement, and supervisory review.

Services

Five engagements, one standard.

Built and run by a practitioner who has shipped AI inside regulated environments. The output is implementation, not recommendations on a page.

01

AI Governance Assessment

A four-to-six week diagnostic of your AI estate. System inventory, EU AI Act risk classification, ISO 42001 gap analysis, and a prioritised remediation plan your board, your engineers, and your auditors can all read.

  • AI system register and risk matrix
  • Control gap report with evidence requirements
  • 90-day remediation roadmap
  • Board-ready summary
02

AI Compliance Consulting

EU AI Act, ISO/IEC 42001, NIST AI RMF, and DORA — implemented inside your existing SDLC, MLOps, and risk processes. One set of controls, multiple frameworks reported against.

  • EU AI Act readiness and high-risk obligations
  • ISO 42001 management system and audit prep
  • OWASP LLM and ML threat coverage
  • Audit-ready evidence packs
03

AI Governance Consulting

Strategy, operating model, controls, and ongoing advisory for organisations governing AI in regulated environments. One named practitioner, no rotating juniors, evidence written for your stack.

  • Governance operating model design
  • Control framework and implementation
  • Fractional advisory and board support
  • Vendor and incident response review
04

AI Product Strategy

From use case evaluation to responsible deployment. I sit with product and engineering teams making AI decisions in high-stakes environments, separating signal from theatre and turning intent into roadmaps your risk function can sign off on.

  • Use case prioritisation
  • Build, buy, partner review
  • Launch readiness assessment
05

Workshops & Enablement

Practical sessions for leadership, legal, and engineering teams on AI-first adoption, secure AI practices, and what good governance looks like in the codebase, the pipeline, and the boardroom.

  • Board-level briefings
  • Engineering deep dives on OWASP for LLMs
  • Cross-functional playbooks

Engagements typically run 4 to 12 weeks, scoped to outcome.

Methodology

A four-part implementation framework, tuned to your stack and your regulator.

Each engagement follows the same arc (discover, define, document, operate), but the deliverables and depth are scoped to where you are now and what your supervisors expect next.

  1. Map the terrain

    Inventory of AI surfaces in production and pipeline. Risk classification against the regulatory frame that actually applies to you, including EU AI Act, ISO 42001, and DORA where relevant.

  2. Set the line

    Define controls, accountabilities, and decision rights. Aligned with product reality and OWASP threat guidance for LLM and ML systems, not org chart fiction.

  3. Build the evidence

    Documentation, model cards, monitoring, and audit trails. The artefacts you need before a regulator, auditor, or enterprise procurement team asks for them.

  4. Operate with confidence

    Embed review cadences, escalation paths, and training so governance lives in the workflow, not in a binder. Implementation support runs alongside your teams.

About

Practitioner, not consultant.

Dhvani Puar

Founder · Build It Safe

I'm Dhvani Puar. I've spent 11 years building and shipping AI-enabled products inside one of the world's most complex regulated environments — Mastercard's global payments network.

Fraud detection, AML transaction monitoring, cybersecurity platforms, biometric authentication, crypto risk. Products processing over a billion transactions. Regulatory obligations across 40+ markets. AI decisions operating under real scrutiny, not just on paper.

Build It Safe is the governance and implementation practice I run for organisations adopting AI without the infrastructure to support it safely. My clients tend to be fintechs and technology companies without a dedicated AI risk or compliance team, navigating regulatory pressure, model risk, or the practical challenge of making AI adoption defensible.

I don't sell frameworks for their own sake. The deliverable is always the same: decisions you can defend, controls your team can actually run, and a governance posture that survives the next audit, model release, or regulatory review.

Based in Dublin, working globally.

  • EU AI Act
  • ISO/IEC 42001
  • NIST AI RMF
  • DORA
  • OWASP for LLMs & ML
  • Model risk management
  • Responsible AI
  • Secure by design

Articles

Field notes from the practice.

Originally published on LinkedIn, collected here for the people who don't live in the feed.

Free download

The AI Governance Starter Pack.

A 14-page brief covering the six questions every regulator asks, the artefacts you should have ready, and a one-page board template. Built from real engagements, no sales fluff.

  • EU AI Act and DORA risk classification cheat sheet
  • OWASP LLM controls mapping
  • Board reporting one pager
  • Inspection readiness checklist

We'll only use your details to send the pack and one short follow-up. No newsletter.

FAQ

Questions I get asked before the first call.

If yours isn't here, send it directly. I read every inquiry.

  • Boards, CXOs, and senior product or risk leaders inside regulated organisations, including banks, insurers, healthcare, and public sector, plus scale-ups selling into them. If your AI deployment will be inspected, audited, or procured against, we're a fit.

  • Neither. I'm a practitioner. I work upstream of legal and audit, designing the product decisions, controls, and evidence, and then helping your teams implement them so those reviews don't become blockers.

  • EU AI Act, ISO/IEC 42001, NIST AI RMF, DORA, OWASP guidance for LLM and ML applications, sectoral guidance (for example EBA, PRA, FDA), and internal model risk frameworks. The framework is a means. The goal is a posture that holds up.

  • I don't hand over a deck and leave. Every engagement ships an implementation: controls deployed, evidence collected, teams trained, and a way to operate the posture after I step out.

  • Most engagements run 4 to 12 weeks against a defined outcome: a controls framework, an audit-ready evidence pack, a board briefing, or a launch readiness review. I share a written proposal after the discovery call.

  • Yes, for clients who want ongoing access between engagements. Typically a fixed number of hours per month for advisory, review, and escalation support.

  • Always. NDAs are standard. I don't use client material in marketing without explicit, written permission.

Let's talk

Two ways in.

Book a free 30-minute discovery call to talk through your situation, or send a written inquiry and I'll reply within two business days.

Email: hello@builditsafe.ai
Response time: Within two business days